Details
- Documentation
- Status: Open
- Major
- Resolution: Unresolved
Description
Document all Linux namespace support semantics in Mesos. Specifically:
Current semantics:
| Namespace              | Top Level Container   | Nested Container       |
|------------------------|-----------------------|------------------------|
| Mount                  | Not shared            | Not shared             |
| PID                    | Not shared            | Not shared             |
| Network & UTS          | Configurable          | Shared w/ parent       |
| IPC                    | Not shared            | Not shared             |
| Cgroup (not supported) | Shared w/ agent       | Shared w/ parent       |
| User (not supported)   | Shared w/ agent (TBD) | Shared w/ parent (TBD) |
Future plan:
| Namespace              | Top Level Container           | Nested Container               |
|------------------------|-------------------------------|--------------------------------|
| Mount                  | Not shared                    | Not shared                     |
| PID                    | Not shared -> Configurable    | Not shared -> Configurable     |
| Network & UTS          | Configurable                  | Shared w/ parent               |
| IPC                    | Not shared -> Configurable    | Not shared -> Configurable     |
| Cgroup (not supported) | Shared w/ agent -> Not Shared | Shared w/ parent -> Not Shared |
| User (not supported)   | Shared w/ agent (TBD)         | Shared w/ parent (TBD)         |
Also, document the PID namespace user-facing and operator-facing API:
```
message LinuxInfo {
  ......
  // If set as 'true', the container shares the pid namespace with
  // its parent. If the container is a top level container, it will
  // share the pid namespace with the agent. If the container is a
  // nested container, it will share the pid namespace with its
  // parent container. This field will be ignored if 'namespaces/pid'
  // isolator is not enabled.
  optional bool share_pid_namespace = 4;
}
```
--disallow_sharing_agent_pid_namespace (default: false)
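
One way to check a running container against the current-semantics table above, added here as an example and not taken from this ticket or the Mesos code base: it compares the `/proc/<pid>/ns/*` links of the agent and a container process. The function names, the fake `/proc` helper and the sample PIDs are constructed for illustration; for a nested container, pass the parent container's PID and a table built from the "Nested Container" column.

```python
import os
import tempfile

# Expected sharing between a top-level container and the agent, from the
# "Current semantics" table. None means "Configurable", so nothing is asserted.
EXPECTED_TOP_LEVEL = {
    "mnt": False, "pid": False, "ipc": False,
    "net": None, "uts": None,
    "cgroup": True, "user": True,
}

def ns_id(proc_root, pid, ns):
    """Return the namespace identity string, e.g. 'pid:[4026531836]'."""
    return os.readlink(os.path.join(proc_root, str(pid), "ns", ns))

def audit(agent_pid, container_pid, expected=EXPECTED_TOP_LEVEL, proc_root="/proc"):
    """Return {ns: (shared, ok)}; ok is None when there is nothing to assert."""
    report = {}
    for ns, want_shared in expected.items():
        try:
            shared = (ns_id(proc_root, agent_pid, ns)
                      == ns_id(proc_root, container_pid, ns))
        except OSError:
            # Link missing (kernel lacks this namespace type) or not readable
            # (reading another process's links needs sufficient privilege).
            report[ns] = (None, None)
            continue
        ok = None if want_shared is None else (shared == want_shared)
        report[ns] = (shared, ok)
    return report

def violations(report):
    """Namespaces whose observed sharing contradicts the expected table."""
    return sorted(ns for ns, (_, ok) in report.items() if ok is False)

def build_fake_proc(layout):
    """Constructed sample input: a throwaway /proc-like tree of ns symlinks."""
    root = tempfile.mkdtemp()
    for pid, namespaces in layout.items():
        os.makedirs(os.path.join(root, str(pid), "ns"))
        for ns, inode in namespaces.items():
            os.symlink(f"{ns}:[{inode}]", os.path.join(root, str(pid), "ns", ns))
    return root

if __name__ == "__main__":
    agent = dict(mnt=1, pid=2, ipc=3, net=4, uts=5, cgroup=6, user=7)
    # Constructed container 200 has its own mnt/ipc but the agent's PID namespace.
    root = build_fake_proc({100: agent, 200: dict(agent, mnt=11, ipc=13)})
    print(violations(audit(100, 200, proc_root=root)))
```

On a real agent host, call `audit(agent_pid, container_pid)` with the default `proc_root`; a non-empty `violations()` result means the container's isolation differs from what the table documents.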